Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing.

Published byJeffry Russell Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing."— Presentation transcript:

1 1 Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing

2 2 SIP Network in SDL

3 3 Call Hijacking – Possible Scenario 1006 1007 1004 SIP Proxy Registrar Covert Registrar/Proxy Routes the Call LAN Dial 1006 Re-Registered 3 2 1

4 4 Vulnerability to Call Hijacking IP Phone Tester (Registrar) REGISTER INVITE (someone wants to talk) OK (you are registered, no auth.) 180 Ringing Fail ! IP Phone in SDL w/fix REGISTER OK 403 Forbidden Pass ! Tester (Registrar) Corrected - Phone rejects unauthenticated Registrar Vulnerable - Phone accepts the Registrar without authentication

5 5Vulnerable REGISTER requests stop Cisco IP Phone 7940

6 6Corrected The SDL Model of the IP Phone authenticates the proxy

7 7 Formal Approach in Design and Testing Formal Languages and Methods (SDL, MSC, ASN.1, TTCN) –every statement is mathematically provable to be correct –every statement validated by trusted tools –standards and spacifications can be validated before approval Programming code generated by machine –no human intervention –no errors, no Trojan horses Trusted tools generate the implementation –tools based on formal techniques can be certified as trusted –implementation of a standard can be certified as trusted Tests generated from validated specifications –traceability to trusted design requirements and specifications

Download ppt "1 Formal Methods Demo Session Initiation Protocol (SIP) Vulnerability Testing."

Similar presentations

SIP(Session Initiation Protocol) - SIP Messages

SIP(Session Initiation Protocol) - SIP Messages
VoIP made simple. Welcome to Vertical’s SBX IP Technical Webinar.

VoIP made simple. Welcome to Vertical’s SBX IP Technical Webinar.
SIP and Instant Messaging. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.

SIP and Instant Messaging. SIP Summit SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.
www.dynamicsoft.com Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,

SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,
System and Software Engineering Research 1 Motorola 2003 Integrated Application of MSC Clive Jervis Rapporteur Q15 Motorola UK Research Labs.

System and Software Engineering Research 1 Motorola 2003 Integrated Application of MSC Clive Jervis Rapporteur Q15 Motorola UK Research Labs.
Use of ITU-T languages in Nokia

Use of ITU-T languages in Nokia
International Telecommunication Union © ITU-T Study Group 17 Use of ITU-T Formal Languages Amardeo Sarma NEC Europe Ltd.

International Telecommunication Union © ITU-T Study Group 17 Use of ITU-T Formal Languages Amardeo Sarma NEC Europe Ltd.
Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt

Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt
Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,

Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,
Tool support for Distributed Object Technology

Tool support for Distributed Object Technology
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Signalling Flows for the IP Multimedia Call Control in 3G Wireless Network Master’s Project By Sanjeev Kayath.

Signalling Flows for the IP Multimedia Call Control in 3G Wireless Network Master’s Project By Sanjeev Kayath.
SIP Testing Methodology Elie Cohen ProLab PM 17/01/2003.

SIP Testing Methodology Elie Cohen ProLab PM 17/01/2003.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Skype Connected to a SIP PBX

Skype Connected to a SIP PBX
A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University

A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University
Application Layer Protocols For Real-Time Media Transmission

Application Layer Protocols For Real-Time Media Transmission
Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.

Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.
E*phone sipc Software SIP user agents Hardware Internet (SIP) phones SIP proxy, redirect server SQL database sipd SIPH.323 converter NetMeeting siph323.

E*phone sipc Software SIP user agents Hardware Internet (SIP) phones SIP proxy, redirect server SQL database sipd SIPH.323 converter NetMeeting siph323.

Similar presentations

Ads by Google